Edgewall Software

Changes between Initial Version and Version 1 of TracDev/TracSession


Ignore:
Timestamp:
Jun 5, 2011, 10:16:34 PM (13 years ago)
Author:
Peter Suter
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • TracDev/TracSession

    v1 v1  
     1= Session =
     2
     3A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like:
     4 * If the user is logged in
     5 * The user's authentication details
     6 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences]
     7This is commonly implemented using cookies.
     8 
     9== Session user interface ==
     10
     11In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore his session from a different computer.
     12
     13== Session administration ==
     14
     15Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands.
     16
     17== Session API ==
     18
     19[source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data.
     20
     21The session for the current web request can be accessed in {{{req.session}}}.
     22
     23== Session storage in the Database ==
     24
     25The per-session data is stored in the database. Specifically in the ''session'' and the ''session_attribute''  [wiki:TracDev/DatabaseSchema tables]. (The session key / cookie identifies the relevant entries in these tables.)
     26
     27Note: as we often manipulate both the ''session'' and the ''session_attribute'' tables, there's a possibility of table deadlocks (#9705). We try to prevent them to happen by always accessing the tables in the same order within the transaction, first `session`, then `session_attribute`.
     28
     29== Session cookie ==
     30
     31The session key is stored in the ''trac_session'' cookie.
     32
     33== Authentication cookie ==
     34
     35The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. (The cookie identifies the relevant entry in that table.)
     36
     37The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.